Gemalto CEO: HCE Not Secure for EMV Payments Unless Tokens Stored on Secure Elements or TEE

France-based vendor Gemalto Thursday confirmed its growth projections for 2014 and its longer-term forecast for 2017, despite the recent announcements of support for host-card emulation by Visa and MasterCard Worldwide.

Gemalto, the world’s largest smart card supplier and also the largest trusted service manager, has much to lose if pure host-card emulation, or HCE, takes off. It would enable banks and other service providers to avoid putting their applications on NFC SIMs, like the ones Gemalto supplies by the millions to mobile operators; or to require the hiring of a TSM to manage those applets over the air on the SIMs or other secure elements. 

Gemalto CEO Olivier Piou, while he questioned the inherent security of HCE for EMV payments, sought to put a positive face on the growing interest in the technology, in comments to financial analysts Thursday, following release of the company’s fourth quarter and year-end results. 

Among other things, HCE represents an endorsement of NFC by “all the main players of this ecosystem” for NFC, including Visa, MasterCard and Google, said Piou, who added that HCE would add momentum to the deployment of contactless point-of-sale terminals by merchants. In addition, he acknowledged that HCE enables easier development of applications for use with NFC phones, compared with secure elements. 

Some major telcos, including the Isis joint venture, have been using similar talking points, especially since Visa and MasterCard made their HCE announcements Feb. 19. 

But Piou, like the mobile operators, is taking a position on security that doesn’t quite match that of Visa and MasterCard or to jibe with the strict definition of HCE. Gemalto and the telcos are arguing that HCE is suited for such low-security applications as loyalty and couponing, not for open-loop payment. 

In this article: 

Words

3,500 

Among Topics Covered:

  • Gemalto CEO’s Olivier Piou’s contention that EMV tokens for HCE can't be secure in phone memory
  • Position of Visa and MasterCard on security of tokens and HCE
  • Piou: Decision on HCE security belongs to banks
  • Gemalto’s year-end revenue and profit report and multiyear goals
  • Review of hybrid approach to putting tokens on secure elements for cloud-based NFC payments
  • Oberthur’s take on HCE security
  • Isis’ view of HCE
  • Piou’s comments on Gemalto’s MCX contract and response to question about role vis-à-vis Paydiant 

Sources Quoted: 

Olivier Piou, CEO, Gemalto
Cédric Collomb, managing director, telecom, Oberthur Technologies
Scott Mulloy, CTO, Isis
Jorn Lambert, group executive, digital convergence, MasterCard 

Among companies and organizations mentioned:

Gemalto
Visa
MasterCard
Isis
Oberthur
MCX
Paydiant 

This is premium content from NFC Times.

Read Full Article 

© NFC Times and Forthwrite Media. NFC Times content cannot be copied or distributed without the express permission of the publisher.

HEADLINE NEWS

‘No Way We were Going to Ask for Half a Billion Dollars…’

Unlike other major transit agencies in the U.S., which have spent hundreds of millions of dollars replacing or upgrading their fare-collection systems, the Los Angeles County Metropolitan Transportation Authority has taken a different approach.

UK Bus Operator Go-Ahead Reports Cash Usage has Plummeted Because of Covid, While Contactless Transactions have Surged

The Go-Ahead Group, one of the big five privately owned public bus operators in the UK, said today it has seen cash usage on board the nearly 3,000 buses it runs in England outside of London fall to 23% of transactions, down from 53% three years ago.

Transit Operator Arriva Launches MaaS App in Netherlands; Hints at Expansion to Other European Countries

Arriva, one of the largest private transit operators in Europe, has launched a mobility-as-a-service app in the Netherlands, using white-label software from Israel-based trip-planning app provider

Cal-ITP: Agencies in California Could Hold ‘Several More’ Open-Loop Fare Payments Pilots

The California Integrated Travel Project, or Cal-ITP, is “on track to have at least several more” open-loop pilots or demonstration projects, a spokeswoman for the program told Mobility Payments.

Exclusive: Australia’s Transport for New South Wales Sees ‘Significant Increase’ in Use of Mobile Wallets by Riders

Mobile wallets now make up more than half of all contactless payments for Transport for New South Wales, Australia’s largest transit agency, the agency confirmed to Mobility Payments.

Start-Up Aims to Encourage More Taxi Drivers to Accept Bank Cards for Fares in Turkey

A Turkish start-up hopes to entice more taxi drivers to accept contactless credit and debit cards using SoftPOS terminals on Android smartphones, under a scheme being rolled out by the local fintec

Moscow Metro Launches Test of Facial Recognition Fare Payments Ahead of Rollout; Agency Says Masks Can Slow Verification

Moscow Metro announced that it is officially testing facial recognition-based fare payments at turnstiles, with plans to roll out the technology by the end of the year.

Major Transit Agency to Test Virtual Closed-Loop Cards with Google Pay

Aug 8 2021

Moscow Metro is launching a trial of a virtual version of its closed-loop Troika card that will be added to the Google Pay wallet, the agency announced Wednesday.

WMATA in D.C. Rolling Out New Terminals but has No Immediate Plans to Support Open Loop

The Washington (D.C.) Metropolitan Area Transit Authority last month started to replace 1,200 aging fare gates for its 91-station metro system and starting next year will do the same with 20-plus year-old fareboxes on board 1,500 buses, including upgraded readers for its closed-loop SmarTrip cards.

Visa Touts Growth in Contactless, Continues to Push Open-Loop Payments

Visa reported this week that contactless payments continued to climb as a percentage of all face-to-face transactions with its brand, mainly at retail, and among the uses the network is continuing to push for contactless is to pay for transit fares.

MaaS Global CEO: Transit Agencies Should Not Control MaaS Platforms

Sampo Hietanen, founder and CEO of Finland-based MaaS Global, agrees with most other industry experts that public transit should form the “core” of the mobility services on offer in any MaaS app or platform. But he contends that it would be a mistake for the agency itself to control the platform.

Case Study: German City First to Go Live with Check-in/be-out System in Country

Despite the growing popularity of contactless, NFC and QR-code technologies for electronic fare-collection, some transit agencies are experimenting with other technologies to collect fares.